The hassle of getting Cobalt Strike to call back through a CDN
2023-4-14|2023-7-5
qsdj
0x1 Requesting an SSL certificate automatically with nginx-certbot
1.1 Pull this project from GitHub; it ships with a docker-compose file and configuration templates
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F26704fee-89a4-43ec-8475-c8692f93aeca%2F2023-04-14-09-44-07-image.png?table=block&id=fa544300-4fee-4929-9811-526bd7ba3f8f&t=fa544300-4fee-4929-9811-526bd7ba3f8f&width=1661&cache=v2)
1.2 After pulling it, configure the docker-compose.yml file
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F9bce0b0c-64b8-49bf-97f0-534120f0a7b9%2FUntitled.png?table=block&id=aa3a5c50-a209-4450-8939-750618419976&t=aa3a5c50-a209-4450-8939-750618419976&width=805&cache=v2)
Notes:
1. The `ro` after user_conf.d in the nginx service means the mount is read-only inside the container: it can read the files but not modify them
1.3 Configure the domain information for the certificate request
(1) Create an nginx folder and a new config file; the domain configuration can simply follow the template from the project's official GitHub repository
Create the nginx folder and a conf.d folder inside it, then create the domain's config file inside conf.d
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F687632b4-f0b1-41b0-9290-09c32b17c386%2FUntitled.png?table=block&id=ee17e83f-d693-4760-8f3c-2b0b47168e19&t=ee17e83f-d693-4760-8f3c-2b0b47168e19&width=1795&cache=v2)
1.4 Once configured, use docker-compose to pull the image and start it
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F015c7978-8be4-4192-979c-e70ed30616a4%2FUntitled.png?table=block&id=fc2a5322-088e-4a42-88ad-f545d7b474d3&t=fc2a5322-088e-4a42-88ad-f545d7b474d3&width=687&cache=v2)
Use docker-compose to pull and start the image. Wait a few minutes for the certificate request to complete, then map the folder where the container stores the certificates out to the host disk
The certificate files are kept in the live folder under the mapped letsencrypt directory
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fae4d4fcb-95fe-46bf-bdf6-c9cd2aa05334%2FUntitled.png?table=block&id=36c6bd72-b71b-490d-9ab7-703aafba7a23&t=36c6bd72-b71b-490d-9ab7-703aafba7a23&width=807&cache=v2)
Certificate files explained:
0x2 Configuring the SSL certificate for CS
Copy the whole certificate folder into the CS directory, then use openssl to convert the PEM certificate to a P12 file, and then use keytool to convert the P12 into a keystore file.
2.1 Use openssl to convert the PEM certificate files to P12
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fff44c1ca-88b6-4cdb-a0ac-b074ad936728%2FUntitled.png?table=block&id=df08dbbd-d8f4-4689-93c5-2772508182b6&t=df08dbbd-d8f4-4689-93c5-2772508182b6&width=1359&cache=v2)
No output means it succeeded.
2.2 Use keytool to convert the P12 into a keystore file
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fae2f092e-a8ba-422a-a7b9-0ae3a2fb9054%2FUntitled.png?table=block&id=735bca32-f3eb-449d-af94-9b72caae96ab&t=735bca32-f3eb-449d-af94-9b72caae96ab&width=1363&cache=v2)
The password used here just needs to match the export password used above
The two commands, summarized:
2.3 Configuring the CS profile
(1) Configuration walkthrough
(2) Checking the profile for problems
CS ships with a profile checker called c2lint. After writing a profile, run it through this tool: it simulates the requests and responses and reports any problems it finds. Issues shown in red must be fixed; the other colours do not affect normal operation.
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F41dc8565-5ab2-4f83-af5d-7dd37e330c50%2FUntitled.png?table=block&id=605ef92e-0127-4827-9d7f-5423fa1e54bc&t=605ef92e-0127-4827-9d7f-5423fa1e54bc&width=912&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Ff977232a-28bb-4a88-bafc-042d7be1a215%2FUntitled.png?table=block&id=341f27f8-5920-416d-ae07-60faa63ae696&t=341f27f8-5920-416d-ae07-60faa63ae696&width=1350&cache=v2)
A result like this means the profile has no problems and can be used as is
0x3 Starting CS with the certificate loaded
3.1 Modify the teamserver
Change the default port and the certificate path so that the traffic is encrypted with the requested certificate
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F99238ed8-383e-4694-bce2-ed99a7aa69c8%2FUntitled.png?table=block&id=4a13cce3-14c2-462d-b6ea-df0a1d19d3c4&t=4a13cce3-14c2-462d-b6ea-df0a1d19d3c4&width=1359&cache=v2)
3.2 Start the teamserver with the profile loaded
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F314f07f0-cb0a-442d-94cb-f11d533f3984%2FUntitled.png?table=block&id=f9de85ae-80c9-449e-bd51-a13ed8f9a85a&t=f9de85ae-80c9-449e-bd51-a13ed8f9a85a&width=1984&cache=v2)
0x4 Adding a listener
After connecting to CS, add a listener. Cloudflare's free CDN is used here, and it only proxies the ports listed below
So when adding the listener it must be bound to one of those ports, otherwise the beacon never comes online through the CDN
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fce80e15f-25ee-4698-a40d-f228bc4ea74d%2FUntitled.png?table=block&id=e5c56dec-a377-4027-807d-44835036cdec&t=e5c56dec-a377-4027-807d-44835036cdec&width=678&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fd913d149-542e-4340-a1ec-716a0ceb231d%2FUntitled.png?table=block&id=7854980f-9960-4515-9fe0-41a9e13c6ea8&t=7854980f-9960-4515-9fe0-41a9e13c6ea8&width=2284&cache=v2)
The beacon comes online normally: the external port is the CDN port, and the callback request has the shape configured in the profile
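From the defender's side, the same port constraint is useful for detection: a beacon fronted by Cloudflare can only arrive on one of the ports the CDN proxies, and it checks in at a regular interval. The following Python script is an added example, not code from the original post or from Cobalt Strike; it parses constructed proxy log lines in an assumed `<timestamp> <src> <host>:<port>` format, flags flows whose inter-arrival times are nearly constant, and tags those that hit a non-standard Cloudflare port.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Ports Cloudflare proxies for HTTP and HTTPS; a listener on any other port
# never comes online through the CDN, so CDN-fronted beacons use one of these.
CF_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095, 443, 2053, 2083, 2087, 2096, 8443}
CF_NONSTANDARD = CF_PORTS - {80, 443}

# Constructed sample proxy log (not real traffic): "<ts> <src> <host>:<port>".
SAMPLE_LOG = """\
2023-04-14T09:00:00 10.0.0.5 cdn-front.example:2096
2023-04-14T09:01:00 10.0.0.5 cdn-front.example:2096
2023-04-14T09:02:01 10.0.0.5 cdn-front.example:2096
2023-04-14T09:03:00 10.0.0.5 cdn-front.example:2096
2023-04-14T09:04:00 10.0.0.5 cdn-front.example:2096
2023-04-14T09:00:10 10.0.0.7 www.example:443
2023-04-14T09:13:00 10.0.0.7 www.example:443
2023-04-14T09:13:05 10.0.0.7 www.example:443
2023-04-14T09:40:00 10.0.0.7 www.example:443
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+)$")

def parse_flows(log):
    """Group connection timestamps by (src, host, port)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, host, port = m.groups()
            flows[(src, host, int(port))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(log, min_hits=4, max_jitter=0.2):
    """Flag flows whose inter-arrival times are nearly constant (periodic
    check-ins) and note whether they use a non-standard Cloudflare port."""
    findings = []
    for (src, host, port), times in parse_flows(log).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Relative spread of the gaps: a real beacon with little jitter stays low.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append({"src": src, "host": host, "port": port,
                             "interval_s": round(avg, 1),
                             "cdn_nonstandard_port": port in CF_NONSTANDARD})
    return findings
```

Tune `min_hits` and `max_jitter` to the profile's sleep and jitter settings you expect; a large jitter value in the profile raises the relative spread and needs a looser threshold.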